Kleene Algebra with Hypotheses?

Amina Doumane1,2, Denis Kuperberg1, Damien Pous1, Pierre Pradic1,2

1 Univ Lyon, EnsL, UCBL, CNRS, LIP, F-69342, LYON Cedex 07, France.2 Warsaw University, MIMUW

Abstract. We study the Horn theories of Kleene algebras and star con-tinuous Kleene algebras, from the complexity point of view. While theirequational theories coincide and are PSpace-complete, their Horn theo-ries differ and are undecidable. We characterise the Horn theory of starcontinuous Kleene algebras in terms of downward closed languages andwe show that when restricting the shape of allowed hypotheses, the prob-lems lie in various levels of the arithmetical or analytical hierarchy. Wealso answer a question posed by Cohen about hypotheses of the form1 = S where S is a sum of letters: we show that it is decidable.

Keywords: Kleene Algebra · Hypotheses · Horn theory · Complexity.

1 Introduction

Kleene algebras [10,6] are idempotent semirings equipped with a unary operationstar such that x∗ intuitively corresponds to the sum of all powers of x. Theyadmit several models which are important in practice: formal languages, whereL∗ is the Kleene star of a language L; binary relations, where R∗ is the reflexivetransitive closure of a relation R; matrices over various semirings, where M∗ canbe used to perform flow analysis.

A fundamental result is that their equational theory is decidable, and actu-ally PSpace-complete. This follows from a completeness result which was provedindependently by Kozen [11] and Krob and Boffa [17,3], and the fact that check-ing language equivalence of two regular expressions is PSpace-complete: giventwo regular expressions, we have

KA ` e ≤ f iff [e] ⊆ [f ]

(where KA ` e ≤ f denotes provability from Kleene algebra axioms, and [e] isthe language of a regular expression e).

Because of their interpretation in the algebra of binary relations, Kleenealgebras and their extensions have been used to reason abstractly about program

? This work has been supported by the European Research Council (ERC) un-der the European Union’s Horizon 2020 programme (CoVeCe, grant agreement No678157) and by the LABEX MILYON (ANR-10-LABX-0070) of Universite de Lyon,within the program ”Investissements d’Avenir” (ANR-11-IDEX-0007) operated bythe French National Research Agency (ANR).

2 A. Doumane et al.

correctness [12,15,2,9,1]. For instance, if two programs can be abstracted intotwo relational expressions (R∗;S)∗ and ((R∪S)∗;S)=, then we can deduce thatthese programs are equivalent by checking that the regular expression (a∗b)∗

and (a+ b)∗b+ 1 denote the same language. This technique made it possible toautomate reasoning steps in proof assistants [4,16,19].

In such a scenario, one often has to reason under assumptions. For instance,if we can abstract our programs into relational expressions (R+S)∗ and S∗;R∗,then we can deduce algebraically that the starting programs are equal if weknow that R;S = R (i.e., that S is a no-op when executed after R). Whendoing so, we move from the equational theory of Kleene algebras to their Horntheory: we want to know whether a given set of equations, the hypotheses, entailsanother equation in all Kleene algebras. Unfortunately, this theory is undecidablein general [13]. In this paper, we continue the work initiated by Cohen [5] andpursued by Kozen [13], by characterising the precise complexity of new subclassesof this general problem.

A few cases have been shown to be decidable in the literature, when werestrict the form of the hypotheses :

– when they are of the form e = 0 [5],– when they are of the form a ≤ 1 for a a letter [5],– when they are of the form 1 = w or a = w for a a letter and w a word,

provided that those equations seen as a word rewriting system satisfy certainproperties [18,14]; this includes equations like idempotency (x = xx) or self-invertibility (1 = xx).

(In the first two cases, the complexity can be shown to remain in PSpace.)We add one positive case, which was listed as open by Cohen [5], and which istypically useful to express that a certain number of predicates cover all cases:

– when hypotheses are of the form S = 1 for S a sum of letters.

Conversely, Kozen also studied the precise complexity of various undecidablesub-classes of the problem [13]. For those, one has to be careful about the precisedefinition of Kleene algebras. Indeed, these only form a quasi-variety (their def-inition involves two implications), and one often consider ∗-continuous Kleenealgebras [6], which additionally satisfy an infinitary implication (We define theseformally in Sect. 2). While the equational theory of Kleene algebras coincideswith that of ∗-continuous Kleene algebras, this is not the case for their Horntheories: there exist Horn sentences which are valid in all ∗-continuous Kleenealgebras but not in all Kleene algebras.

Kozen [13] showed for instance that when hypotheses are of the form pq = qpfor pairs of letters (p, q), then validity of an implication in all ∗-continuous Kleenealgebras is Π0

1 -complete, while it is only known to be ExpSpace-hard for plainKleene algebras. In fact, for plain Kleene algebras, the only known negativeresult is that the problem is undecidable for hypotheses of the form u = v forpairs (u, v) of words (Kleene star plays no role in this undecidability result: thisis just the word problem). We show that it is already undecidable, and in fact

Kleene Algebra with Hypotheses 3

1 =∑a a ≤

∑b a ≤

∑w a ≤ g

KAH ` u ≤ f Decidable EXPTIME− complete Σ01−complete Σ0

1−complete

KAH ` e ≤ f Decidable Undecidable Σ01−complete Σ0

1−complete

KA∗H ` u ≤ f Decidable EXPTIME− complete Σ0

1−complete Π11−complete

KA∗H ` e ≤ f Decidable Π0

1−complete Π02−complete Π1

1−complete

Fig. 1. Summary of the main results.

Σ01 -complete when hypotheses are of the form a ≤ S where a is a letter and S is

a sum of letters. We use a similar encoding as in [13] to relate the Horn theoriesof KA and KA∗ to runs of Turing Machines and alternating linearly boundedautomata. This allows us to show that deciding whether an inequality w ≤ fholds where w is a word, in presence of sum-of-letters hypotheses, is EXPTIME-complete. We also refine the Π1

1 -completeness result obtained in [13] for generalhypotheses, by showing that hypotheses of the form a ≤ g where a is a letteralready make the problem Π1

1 -complete.

The key notion we define and exploit in this paper is the following: given a setH of equations, and given a language L, write clH(L) for the smallest languagecontaining L such that for all hypotheses (e ≤ f) ∈ H and all words u, v,

if u[f ]v ⊆ clH(L) then u[e]v ⊆ clH(L) .

This notion makes it possible to characterise the Horn theory of ∗-continuousKleene algebras, and to approximate that of Kleene algebras: we have

KAH ` e ≤ f ⇒ KA∗H ` e ≤ f ⇔ [e] ⊆ clH([f ])

where KAH ` e ≤ f (resp. KA∗H ` e ≤ f) denotes provability in Kleene algebra(resp. ∗-continuous Kleene algebra). We study downward closed languages andprove the above characterisation in Sect. 3.

The first implication can be strengthened into an equivalence in a few cases,for instance when the regular expression e and the right-hand sides of all hy-potheses denote finite languages, or when hypotheses have the form 1 = S for Sa sum of letters. We obtain decidability in those cases (Sect. 4).

Then we focus on cases where hypotheses are of the form a ≤ e for a aletter, and we show that most problems are already undecidable there. We doso by exploiting the characterisation in terms of downward closed languages toprovide encodings of various undecidable problems on Turing machines, totalTuring machines, and linearly bounded automata (Sect. 5).

We summarise our results in Fig. 1. The top of each column restricts thetype of allowed hypotheses. Variables e, f stand for general expressions, u,w forwords, and a, b for letters. Grayed statements are implied by non-grayed ones.

Notations We let a, b range over the letters of a finite alphabet Σ. We let u, v, wrange over the words over Σ, whose set is written Σ∗. We write ε for the empty

4 A. Doumane et al.

word; uv for the concatenation of two words u, v; |w| for the length of a wordw.We write Σ+ for the set of non-empty words. We let e, f, g range over theregular expressions over Σ, whose set is written ExpΣ . We write [e] for thelanguage of such a an expression e: [e] ⊆ Σ∗. We sometimes implicitly regard aword as a regular expression. If X is a set, P(X) (resp. Pfin(X)) is the set of itssubsets (resp. finite subsets) and |X| for its cardinality.

A long version of this extended abstract is available on HAL [8], with mostproofs in appendix.

2 The systems KA and KA∗

Definition 1 (KA,KA∗). A Kleene algebra is a tuple (M, 0, 1,+, ·, ∗) where(M, 0, 1,+, ·) is an idempotent semiring and the following axioms and impli-cations, where the partial order ≤ is defined by x ≤ y if x + y = y, hold for allx, y ∈M .

1 + xx∗ ≤ x∗ xy ≤ y ⇒ x∗y ≤ y

1 + x∗x ≤ x∗ yx ≤ y ⇒ yx∗ ≤ y

A Kleene algebra is ∗-continuous if it satisfies the following implication:

(∀i ∈ N, xyiz ≤ t) ⇒ xy∗z ≤ t

A hypothesis is an inequation of the form e ≤ f , where e and f are regularexpressions. If H is a set of hypotheses, and e, f are regular expressions, wewrite KAH ` e ≤ f (resp. KA∗H ` e ≤ f) if e ≤ f is derivable from the axiomsand implications of KA (resp. KA∗) as well as the hypotheses from H. We omitthe subscript when H is empty.

Note that the letters appearing in the hypotheses are constants: they are notuniversally quantified. In particular if H = {aa ≤ a}, we may deduce KAH `a∗ ≤ a but not KAH ` b∗ ≤ b.

Languages over the alphabet Σ form a ∗-continuous Kleene algebra, as wellas binary relations over an arbitrary set.

In absence of hypotheses, provability in KA is coincides with provability inKA∗ and with language inclusion:

Theorem 1 (Kozen [11]).

KA ` e ≤ f ⇔ KA∗ ` e ≤ f ⇔ [e] ⊆ [f ]

Kleene Algebra with Hypotheses 5

We will classify the theories based on the shape of hypotheses we allow; welist them below (I is a finite non-empty set):

Name of the hypothesis Its shape

(1 =∑x)− hypothesis 1 =

∑i∈I ai where ai ∈ Σ

(w ≤∑w)− hypothesis v ≤

∑i∈I vi where v, vi ∈ Σ∗

(x ≤∑w)− hypothesis a ≤

∑i∈I vi where a ∈ Σ, vi ∈ Σ∗

(x ≤∑x)− hypothesis a ≤

∑i∈I ai where a, ai ∈ Σ

(1 ≤∑x)− hypothesis 1 ≤

∑i∈I ai where ai ∈ Σ

(x ≤ 1)− hypothesis a ≤ 1 where a ∈ Σ

We call letter hypotheses any class of hypotheses where the left-hand side isa letter (the last four ones). In the rest of the paper, we study the followingproblem from a complexity point of view: given a set of C-hypotheses H, whereC is one of the classes listed above, and two expressions e, f ∈ ExpΣ , can wedecide whether KAH ` e ≤ f (resp. KA∗H ` e ≤ f) holds? We call it the problemof deciding KA (resp. KA∗) under C-hypotheses.

3 Closure of regular languages

It is known that provability in KA and KA∗ can be characterised by languageinclusions (Thm. 1). In the presence of hypotheses, this is not the case anymore:we need to take the hypotheses into account in the semantics. We do so by usingthe following notion of downward closure of a language.

3.1 Definition of the closure

Definition 2 (H-closure). Let H be a set of hypotheses and L ⊆ Σ∗ be alanguage. The H-closure of L, denoted clH(L), is the smallest language K suchthat L ⊆ K and for all hypotheses e ≤ f ∈ H and all words u, v ∈ Σ∗, we have

u[f ]v ⊆ C ⇒ u[e]v ⊆ K

Alternatively, clH(L) can be defined as the least fixed point of the functionφL : P(Σ∗)→ P(Σ∗) defined by φL(X) = L ∪ ψH(X), where

ψH(X) =⋃

(e≤f)∈H

{u[e]v | u, v ∈ Σ∗, u[f ]v ⊆ X}.

Example 1. If H = {ab ≤ ba} then clH([b∗a∗]) = [(a+ b)∗]. while clH([a∗b∗]) =[a∗b∗].

In order to manipulate closures more conveniently, we introduce a syntacticobject witnessing membership in a closure: derivation trees.

6 A. Doumane et al.

Definition 3. Let H be a set of hypotheses and L a regular language. We definean infinitely branching proof system related to clH(L), where statements are regu-lar expressions, and rules are the following, called respectively axiom, extension,and hypothesis:

(u)u ∈ L

u

(u)u∈[e]

e

ufvw ∈ [e], e ≤ f ∈ H

uwv

We write `H,L e if e is derivable in this proof system, i.e. if there is a well-founded tree using these rules, with root e and all leaves labelled by words in L.Such a tree will be called a derivation tree for [e] ⊆ clH(L) (or e ∈ clH(L) if eis a word).

Example 2. The following derivation is a derivation tree for bababa ∈ clH([b∗a∗]),where H = {ab ≤ ba}.

bbbaaa

bbabaa

bbaaba

bababa

Derivation trees witness membership to the closure as shown by the followingproposition.

Proposition 1. [e] ⊆ clH(L) iff `H,L e.

(See [8, App. A] for a proof.)

3.2 Properties of the closure operator

We summarise in this section some useful properties of the closure. Lem. 1 showsin particular that the closure is idempotent, monotonic (both for the set ofhypotheses and its language argument) and invariant by context application.Lem. 2 shows that internal closure operators can be removed in the evaluationof regular expressions. Those two lemmas are proved in [8, App. A].

Lemma 1. Let A,B,U, V ⊆ Σ∗. We have

1. A ⊆ clH(A)2. clH(clH(A)) = clH(A)3. A ⊆ B implies clH(A) ⊆ clH(B)4. H ⊆ H ′ implies clH(A) ⊆ clH′(A)5. clH(A) ⊆ clH(B) if and only if A ⊆ clH(B).6. A ⊆ clH(B) implies UAV ⊆ clH(UBV ).

Lemma 2. Let A,B ⊆ Σ∗, then

1. clH(A+B) = clH(clH(A) + clH(B)),2. clH(AB) = clH(clH(A)clH(B)),3. clH(A∗) = clH(clH(A)∗)

Kleene Algebra with Hypotheses 7

3.3 Relating closure and provability in KAH and KA∗H

We show that provability in KA∗ can be characterized by closure inclusions. InKA, provability implies closure inclusions but the converse is not true in general.

Theorem 2. Let H be a set of hypotheses and e, f be two regular expressions.

KAH ` e ≤ f ⇒ KA∗H ` e ≤ f ⇔ [e] ⊆ clH([f ])

Proof. Let CRegH,Σ = {clH(L) | L ∈ RegΣ}, on which we define the followingoperations:

X ⊕ Y = clH(X + Y ) X � Y = clH(X · Y ) X~ = clH(X∗).

We define the closure model FH,Σ = (CRegH,Σ , ∅, {ε},⊕,�,~).We write ≤ for the inequality induced by ⊕ in FH,Σ : X ≤ Y if X ⊕ Y = Y .

Lemma 3. FH,Σ = (CRegH,Σ , ∅, {ε},⊕,�,~) is a ∗-continuous Kleene algebra.The inequality ≤ of FH,Σ coincides with inclusion of languages.

Proof. By Lem. 2, the function clH : (P(Σ∗),+, ·, ∗) → (CRegH,Σ ,⊕,�,~) isa homomorphism. We show that FH,Σ is a ∗-continuous Kleene algebra. First,identities of LangΣ = (P(Σ∗),+, ·, ∗) are propagated through the morphismclH , so only Horn formulas defining ∗-continuous Kleene algebras remain tobe verified.It suffices to prove that FH,Σ satisfies the ∗-continuity implication,because the implication xy ≤ y → x∗y ≤ y and its dual can be deduced from

it. Let A,B,C ∈ FH,Σ such that for all i ∈ N, A � B i � C ≤ D, where Bi

=

B�· · ·�B. By Lem. 2, A�B i �C = clH(ABiC), so we have clH(ABiC) ≤ D,and in particular ABiC ≤ D for all i. By ∗-continuity of LangΣ , we obtainAB∗C ≤ D. By Lem. 1 and using D = clH(D), we obtain clH(AB∗C) ≤ D andfinally by Lem. 2, A � B~ � C ≤ D. This achieves the proof that FH,Σ is a∗-continuous Kleene algebra.

Let A,B ∈ CRegH,Σ . We have A ≤ B ⇔ A⊕ B = B ⇔ clH(A+ B) = B ⇔A ⊆ B. Finally, if e ≤ f is a hypothesis from H, then we have clH [e] ⊆ clH([f ]),so the hypothesis is verified in FH,Σ .

The implications KA(∗)H ` e ≤ f ⇒ [e] ⊆ clH(f) follow from the fact that if

an inequation e ≤ f is derivable in KAH (resp. KA∗H) then it is true in everymodel, in particular in the model FH,Σ , thus clH([e]) ⊆ clH([f ]) or, equivalently.[e] ⊆ clH([f ]).

Let us prove that for any regular expressions e, f , if [e] ⊆ clH([f ]) thenKA∗H ` e ≤ f . Let e, f be two such expressions and let T be a derivation treefor [e] ⊆ clH([f ]), i.e. witnessing `H,L e ≤ f . We show that we can transformthis tree T into a proof tree in KA∗H . The extension rule is an occurrence of [8,App. A, Lem. 12]. Finally, the hypothesis rule is also provable in KA∗H , usingthe hypothesis e ≤ f together with compatibiliy of ≤ with concatenation, andcompleteness of KA∗ for membership of u ∈ [e]. We can therefore build from thetree T a proof in KA∗H witnessing KA∗H ` e ≤ f .

8 A. Doumane et al.

When we restrict the shape of the expression e to words, and hypotheses to(w ≤

∑w)-hypotheses, we get the implication missing from Thm. 2.

Proposition 2. Let H be a set of (w ≤∑w)-hypotheses, w ∈ Σ∗ and f ∈

ExpΣ.KAH ` w ≤ f ⇔ w ∈ clH([f ])

Proof. Let us show that w ∈ clH([f ]) implies KAH ` w ≤ f . We proceed byinduction on the height of a derivation tree for w ∈ clH([f ]). If this tree is just aleaf, then w ∈ [f ] and by Thm. 1 KA ` w ≤ f . Otherwise, this derivation startswith the following steps: ( . . .

uwiv)i

u(∑i wi)v

w ≤∑i wi ∈ Huwv

Our inductive assumption is that KAH ` uwiv ≤ f for all i, thus KAH `∑i uwiv ≤ f . We also have KAH ` w ≤ (

∑i wi) hence KA ` w ≤ f by dis-

tributivity.

4 Decidability of KA and KA∗ with (1 =∑

x)-hypotheses

In this section, we answer positively the decidability problem of KAH , where His a set of (1 =

∑x)-hypotheses, posed by Cohen [5]:

Theorem 3. If H is a set of (1 =∑x)-hypotheses, then KAH is decidable.

To prove this theorem we show that in the case of (1 =∑x)-hypotheses:

(P1) KAH ` e ≤ f if and only if [e] ⊆ clH([f ]).(P2) clH([f ]) is regular and we can compute effectively an expression for it.

Decidability of KAH follows immediately from (P1) and (P2), since it amountsto checking language inclusion for two regular expressions.

To show (P1) and (P2), it is enough to prove the following result:

Theorem 4. Let H be a set of (1 =∑x)-hypotheses and let f be a regular

expression. The language clH([f ]) is regular and we can compute effectively anexpression c such that [c] = clH([f ]) and KAH ` c ≤ f .

(P2) follows immediatly from Thm. 4. To show (P1), it is enough to provethat [e] ⊆ clH([f ]) implies KAH ` e ≤ f , since the other implication is alwaystrue (Thm. 2). Let e, f such that [e] ⊆ clH([f ]). If c is the expression given byThm 4, we have KAH ` c ≤ f and [e] ⊆ [c] so by Thm. 1 KA ` e ≤ c, and thisconcludes the proof.

To prove Thm. 4, we first show that the closure of (1 =∑x)-hypotheses can

be decomposed into the closure of (x ≤ 1)-hypotheses followed by the closure of(1 ≤

∑x)-hypotheses:

Kleene Algebra with Hypotheses 9

Proposition 3 (Decomposition result). Let H = {1 = Sj | j ∈ J} be a setof (1 =

∑x)-hypotheses.

We set Hsum = {1 ≤ Sj | j ∈ J} and Hid = {a ≤ 1 | a ∈ [Sj ], j ∈ J}. Forevery language L ⊆ Σ∗, we have clH(L) = clHsum

(clHid(L)).

Sketch. We show that rules from Hid can be locally permuted with rules of Hsum

in a derivation tree. This allows to compute a derivation tree where all rules fromHid occur after (i.e. closer to leaves than) rules from Hsum .

Now, we will show results similar to Thm. 4, but which apply to (x ≤ 1)-hypotheses and (1 ≤

∑x)-hypotheses (Prop. 5 and 6 below). To prove Thm. 4,

the idea is to decompose H into Hid and Hsum using the decomposition propertyProp. 3, then applying Prop. 5 and Prop. 6 to Hid and Hsum respectively.

To show these two propositions, we make use of a result from [7]:

Definition 4. Let A = (Q,∆, ι, F ) be an NFA , H be a set of hypotheses andϕ : Q → ExpΣ a function from states to expressions. We say that ϕ is H-compatible with A if:

– KAH ` 1 ≤ ϕ(q) whenever q ∈ F ,– KAH ` aϕ(r) ≤ ϕ(q) for all transitions (q, a, r) ∈ ∆.

We set ϕA = ϕ(ι).

Proposition 4 ([7]). Let A be a NFA, H be a set of hypothesis and ϕ be afunction H-compatible with A. We can construct a regular expression fA suchthat:

[fA] = [A] and KAH ` fA ≤ ϕA

Proposition 5. Let H be a set of (x ≤ 1)-hypotheses and let f be a regularexpression. The language clH([f ]) is regular and we can compute effectively anexpression c such that [c] = clH([f ]) and KAH ` c ≤ f .

Proof. Let K = clH([f ]) and Γ = {a | (a ≤ 1) ∈ H}, we show that K is regular.If A is a NFA for f , a NFA Aid recognizing K can be built from A by adding aΓ -labelled loop on every state. It is straightforward to verify that the resultingNFA recognizes K, by allowing to ignore any letter from Γ .

For every q ∈ Q, let fq be a regular expression such that [fq] = [q]A, where[q]A denotes the language accepted from q in A. Let ϕ : Q→ ExpΣ which mapseach state q of Aid (which is also a state of A) to ϕ(q) = fq. Let us show thatϕ is H-compatible with A. If q ∈ F , then 1 ∈ [fq], so by completeness of KA,we have KA ` 1 ≤ fq. Let (p, a, q) be a transition of Aid . Either (p, a, q) ∈ ∆, inwhich case we have a[fq] ⊆ [fp], and so by Thm. 1 KA ` afq ≤ fp. Or p = q (thistransition is a loop that we added). Then KAH ` a ≤ 1, so KAH ` afp ≤ fp,and this concludes the proof.

By Prop. 4, we can now construct a regular expression c which satisfies thedesired properties.

10 A. Doumane et al.

Definition 5. Let Γ be a set of letters. A language L is said to be Γ -closed if:

∀u, v ∈ Σ∗,∀a ∈ Γ uv ∈ L ⇒ uav ∈ L

If H = {1 ≤ Si | i ∈ I} is a set of (1 ≤∑x)-hypotheses, we say that a

language L is H-closed if if it is Γ -closed where Γ = ∪i∈I [Si].

Remark 1. If H is a set of (x ≤ 1)-hypothesis, and Γ = {a | (a ≤ 1) ∈ H}, thenclH(L) is Γ -closed for every language L.

Proposition 6. Let H be a set of (1 ≤∑x)-hypotheses and let f be a regular

expression whose language is H-closed. The language clH([f ]) is regular and wecan compute effectively an expression c such that [c] = clH([f ]) and KAH ` c ≤ f .

Proof. We set L = [f ], H = {1 ≤ Sj | j ∈ J} and Γ = {a | a ∈ [Sj ], j ∈ J}.Let us show that clH(L) is regular. The idea is to construct a set of words

L], where each word u] is obtained from a word u of clH(L), by adding at theposition where a rule (1 ≤ Sj) is applied in the derivation tree for clH(L) ` u, anew symbol ]j . We will show that this set satisfies the two following properties:

– clH(L) is obtained from L] by erasing the symbols ]j .– L] is regular.

Since the operation that erases letters preserves regularity, we obtain as a coro-lary that clH(L) is regular.

Let us now introduce more precisely the language L] and show the propertiesthat it satisfies. Let Θ] = {]j | j ∈ J} be a set of new letters and Σ] = Σ ∪ Θ]be the alphabet Σ enriched with these new letters.

We define the function exp : Σ] → P(Σ) that expands every letter ]j intothe sum of the letters corresponding to its rule in H as follows:

exp(a) = a if a ∈ Σexp(]j) = {a | a ∈ [Sj ]} ∀j ∈ J

This function can naturally be extended to exp : (Σ])∗ → P(Σ∗).

If L ⊆ Σ∗, we define L] ⊆ (Σ])∗ as follows:

L] = exp−1(P(L)) = {u ∈ (Σ])∗ | exp(u) ⊆ L}

We define the morphism π : (Σ])∗ → Σ∗ that erases the letters from Θ] as

follows: π(a) = a if a ∈ Σ and π(]j) = ε for all j ∈ J . Our goal is to provethat clH(L) = π(L]) and that L] is regular. To prove the first part, we need analternative presentation of L] as the closure of a new set of hypotheses H] whichwe define as follows:

H] = {]j ≤ Sj | j ∈ J} ∪ {]j ≤ 1 | j ∈ J}

Lemma 4. We have L] = clH](L). In particular L] is Θ]-closed.

See App. B for a detailed proof of Lem. 4.

Kleene Algebra with Hypotheses 11

Lemma 5. clH(L) = π(L]).

Proof. If u ∈ π(L]), let v ∈ L] such that u = π(v). By Lem. 4, there is aderivation tree Tv for v ∈ clH]

(L). Erasing all occurences of ]j in Tv yields aderivation tree for u ∈ clH(L).

Conversely, if u ∈ clH(L) is witnessed by some derivation tree Tu, we showby induction on Tu that there exists v ∈ L] ∩ π−1(u). If Tu is a single leaf, wehave u ∈ L, and therefore it suffices to take v = u.

Otherwise, the rule applied at the root of Tu partitions u into u = wz, and haspremises {wbz | b ∈ [Sj ]} for some j ∈ J and w, z ∈ Σ∗. By induction hypothesis,for all b ∈ [Sj ], there is vb ∈ L] ∩ π−1(wbz). Let w = w1 . . . wn and z = z1 . . . zmbe the decompositions of w, z into letters of Σ. By definition of π, for all b ∈ [Sj ],vb can be written vb = αb,1w1αb,2w2 . . . wnαb,nbαb,n+1z1αb,n+2 . . . zmαb,n+m+3,with αb,0 . . . αb,n+m+3 ∈ (Θ])

∗. For each k ∈ [0, n+m+ 3], let αk = Πb∈[Sj ]αb,k.Let w′ = α0w1α1 . . . wnαn+1 and z′ = αn+2z1αn+3 . . . zmαn+m+3 By Lem. 4, L]is Θ]-closed, so for each b ∈ [Sj ] the word v′b = w′bz′ is in L], since v′b is obtainedfrom vb by adding letters from Θ]. We can finally build v = w′]jz

′. We haveexp(v) =

⋃b∈[Sj ] exp(v′b) ⊆ L, and π(v) = π(w′)π(z′) = wz = u.

Lemma 6. L] is a regular language, computable effectively.

Sketch. From a DFA A = (Σ,Q, q0, F, δ) for for L, we first build a DFA A∧ =(Σ,P(Q), q0,P(F ), δ∧),which corresponds to a powerset construction, exceptthat accepting states are P(F ). This means that the semantic of a state Pis the conjunction of its members. We then build A] = (Σ,P(Q), q0,P(F ), δ])based on A∧, which can additionally read letters of the form ]j , by expandingthem using the powerset structure of A∧.

Lemma 7. We can construct a regular expression c such that [c] = clH(L) andKAH ` c ≤ f .

Proof. Let A] be the DFA constructed for L] in the proof of Lem. 6. We willuse the notations of this proof in the following.

Let π(A]) = (Σ,P(Q), q0,P(F ), π(δ])) be the NFA obtained from A] by re-placing every transition δ](P, ]j) = R, where j ∈ J , by a transition π(δ])(P, ε) =R. By Lem. 5, the automaton π(A]) recognizes the language clH(L). Let usconstruct a regular expression c for this automaton such that KAH ` c ≤ f .

For every P ∈ P(Q), let fP be a regular expression such that [fP ] = [P ]A∧ .Let ϕ : P(Q)→ ExpΣ be the function which maps each state P of π(A]) to

ϕ(P ) = fP . Let us show that ϕ is H-compatible.If P ∈ P(F ), then P is a final state of A∧, so 1 ∈ [fP ], and by completeness

of KA, KA ` 1 ≤ fP . Let (P, a,R) ∈ π(∆]). Either a ∈ Σ, so (P, a,R) ∈ ∆∧ anda[fR] ⊆ [fP ], so by Thm. 1 KA ` afR ≤ fP . Or a = ε so there is j ∈ J such that(P, ]j , R) ∈ ∆]. This means that R = ∪b∈[Sj ]Rb where δ∧(P, b) = Rb,∀b ∈ [Sj ].We have then that b[fRb

] ⊆ [fP ] for all b ∈ [Sj ]. Note that for all b ∈ [Sj ],Rb ⊆ R, so [fR] ⊆ [fRb

] and then Sj [fR] ⊆ [fP ]. By Thm. 1 KA ` SjfR ≤ fP .We have also that KAH ` ]j ≤ Sj , so KAH ` ]jfR ≤ fP .

By Prop. 4, we can construct the desired regular expression c.

12 A. Doumane et al.

5 Complexity results for letter hypotheses

In this section, we give a recursion-theoretic characterization of KAH and KA∗Hwhere H is a set of letter hypotheses or (w ≤

∑w)-hypotheses. In all the section,

by “deciding KA(∗)H ” we mean deciding whether KA

(∗)H ` e ≤ f , given e, f,H as

input.Theses various complexity classes will be obtained by reduction from some

known problems concerning Turing Machines (TM) and alternating linearlybounded automata (LBA), such as halting problem and universality.

To obtain these reductions, we build on a result which bridges TMs and LBAson one hand and closures on the other: the set of co-reachable configurations ofa TM (resp. LBA) can be seen as the closure of a well-chosen set of hypotheses.

We present this result in Section 5.1, and show in Section 5.2 how to instan-tiate it to get our complexity classes.

5.1 Closure and co-reachable states of TMs and LBAs

Definition 6. An alternating Turing Machine over Σ is a tupleM = (Q,QF , Γ, ι, B,∆)consisting of a finite set of states Q and final states QF ⊆ Q, a finite set of statesQ, a finite working alphabet Γ ⊇ Σ, an initial state ι ∈ Q, B ∈ Γ the blanksymbol and a transition function ∆ : (Q \ QF ) × Γ → P(P({L,R} × Γ × Q)).Let #L,#R /∈ Γ be fresh symbols to mark the ends of the tape, and Γ# =Γ ∪ {#L,#R}.

A configuration is a word uqav = #LΓ∗QΓ+#R, where #L and #R are

special symbols not in Γ , meaning that the head of the TM points to the lettera. We denote by C the set of configurations of M. A configuration is final if itis of the form #LΓ

∗QFΓ+#L.

The execution of the TM M over input w ∈ Σ may be seen as a game-likescenario between two players ∃loise and ∀belard over a graph Ct(C×P({L,R}×Γ ×Q)), with initial position ιw which proceeds as follows.

– over a configuration uqav with a ∈ Γ , u, v ∈ Γ ∗#, ∃loise picks a transitionX ∈ ∆(q, a) to move to position (uqav,X)

– over a position (uqav,X) with a ∈ Γ , u, v ∈ Γ ∗, ∀belard picks a triple(d, c, r) ∈ X to move in configuration

• ucrB#R if v = #R and d = R• ucrv if v 6= #R and d = R• #LrBcv if u = #L and d = L• u′rbcv if u = #Ru

′b and d = L

Given a subset of configurations D ⊆ C, we define Attr∃loise(D) the ∃loiseattractor for D as the set of configurations from which ∃loise may force theexecution to go through D.

Kleene Algebra with Hypotheses 13

A deterministic TM M is one where every ∆(q, a) ⊆ {{(d, c, r)}} for some(d, c, r) ∈ {L,R}×Γ ×Q In such a case, we may identifyM with the underlyingpartial function [M] : Σ∗ ⇀ QF .

An alternating linearly bounded automaton over the alphabet Σ is a tupleA = (Q,QF , Γ, ι,∆) where (Q,QF , Γ t{B}, ι, B,∆) is a TM that does not insertB symbols. This means that the head can point to ]d , and for every X ∈ ∆(q,#d)and (d′, a, r) ∈ X, we have d 6= d′ and a = #d.

An LBA is deterministic if its underlying TM is.

Definition 7. A set of (w ≤∑w)-hypotheses is said to be length-preserving if

for every (v ≤∑i∈I vi) ∈ H, we have that |v| = |vi| for all i ∈ I.

The following lemma generalizes a similar construction from [13].

Lemma 8. For every TM M of working alphabet Γ , there exists a set of (w ≤∑w)-hypotheses HM over the alphabet Θ = Q ∪ Γ such that, for any set of

configurations D ⊆ C we have that: clHA(D) = Attr∃loise(D). Furthermore, thisreduction is polytime computable, and HA is length-preserving if M is an LBA.

A configuration c is co-reachable if ∃loise has a strategy to reach a finalconfiguration from c. Lem. 8 shows that the set of co-reachable configurationscan be seen as the closure by (w ≤

∑w)-hypotheses. Since we are also interested

in (x ≤∑x)-hypotheses, we will show that (w ≤

∑w) hypotheses can be

transformed into letter hypotheses. Moreover, this transformation preserves thelength-preserving property.

Theorem 5. Let Σ be an alphabet, H be a set of (w ≤∑w)-hypotheses over

Σ. There exists an extended alphabet Σ′ ⊇ Σ, a set of (x ≤∑w)-hypotheses

H ′ over Σ′ and a regular expression h ∈ ExpΣ′ such that the following holds forevery f ∈ ExpΣ and w ∈ Σ∗.

w ∈ clH([f ]) if and only if w ∈ clH′([f + h])

Furthermore, we guarantee the following:

– (Σ′, H ′, h) can be computed in polynomial time from (Σ,H).– H ′ is length-preserving whenever H is.

5.2 Complexity results

Lemma 9. If H is a set of length-preserving (w ≤∑w)-hypotheses (resp. a

set of (x ≤∑x)-hypotheses), w ∈ Σ∗ and f ∈ ExpΣ, deciding KAH ` w ≤ f is

EXPTIME− complete.

Proof. We actually show that our problem is complete in alternating-PSPACE(APSPACE), which enables us to conclude as EXPTIME and APSPACE coin-cide. First, notice that by completeness of KAH over this fragment (Prop. 2),we have KAH ` w ≤ f ⇔ w ∈ clH([f ]). Hence, we work directly with the latter

14 A. Doumane et al.

notion. It suffices to show hardness for the (x ≤∑x) case and membership for

the (w ≤∑w) case.

Given an arbitrary alternating Turing MachineM in APSPACE there existsa polynomial p ∈ N[X] such that executions of M over words w are bisimilarto executions of the LBA(M) over wBp(|w|). Hence, by Lem. 8 and Thm. 5,the problem with (x ≤

∑x)-hypotheses is APSPACE-hard. Conversely, we may

show that our problem with (w ≤∑w)-hypotheses falls into APSPACE. On

input w, the alternating algorithm first checks whether w ∈ [f ] in linear time.If it is the case, it returns “yes”. Otherwise, it non-deterministically picks a fac-torization w = uxv with x ∈ Σ∗ and a hypothesis x ≤

∑i yi. It then universally

picks yi ∈ Σ|x|, and replaces x by yi on the tape, so that the new tape contentis w′ = uyiv. Then the algorithm loops back to its first step. In parallel, wekeep track of the number of steps and halt by returning “no” as soon as we

reach |Σ||w| steps. This is correct because, if there is a derivation tree witnessingw ∈ clH([f ]), there is one where on every path, all nodes have distinct labels, sothe nondeterministic player can play according to this tree, while the universalplayer selects a branch.

Theorem 6. Deciding KA∗H is Π01−complete for (x ≤

∑x)-hypotheses.

Proof. By Lem. 9 and the fact that regular expressions are in recursive bijectionwith natural numbers, our set is clearly Π0

1 . To show completeness, we effectivelyreduce the set of universal LBAs, which is known to be Π0

1−complete, to our setof triples. Indeed, by Lem. 8, an LBA A is universal if and only if #L{ι}Σ∗#R ⊆clH(CF ) where CF is the set of final configurations.

Theorem 7. If H is a set of (x ≤∑w)-hypotheses, w ∈ Σ∗ and f ∈ ExpΣ,

deciding KA(∗)H ` w ≤ f is Σ0

1−complete.

Proof. As KAH is a recursively enumerable theory, our set is Σ01 . By the com-

pleteness theorem (Prop. 2), we have KAH ` w ≤ f ⇔ KA∗H ` w ≤ f ⇔ w ∈clH([f ]), so we may work directly with closure. In order to show completeness, wereduce the halting problem for Turing machines (on empty input) to this prob-lem. LetM be a Turing machine with alphabet Σ and final state qf , and HM bethe set of (w ≤

∑w)-hypotheses given effectively by Lem. 8. Let f = Σ∗qfΣ

∗,by Lem. 8 we have M halts on empty input if and only if q0 ∈ clHM(f). Noticethat hypotheses of H ′ are of the form u ≤ V where u ∈ Θ3 and V ⊆ Θ3. ByThm. 5, we can compute a set H ′ of (x ≤

∑x)-hypotheses, and an expression

h on an extended alphabet such that q0 ∈ clHM([f ])⇔ q0 ∈ clH′([f + h]).

Theorem 8. Deciding KA∗H is Π02−complete for (x ≤

∑w)-hypotheses.

Proof. This set is Π02 by Thm. 7. It is complete by reduction from the set of

Turing Machines accepting all inputs, which is known to be Π02 . Indeed, let M

be a Turing Machine on alphabet Σ with final state qf , by Lem. 8, we cancompute a set of (w ≤

∑w)-hypotheses HM with finite language in second

components such that c ∈ clHM(c′) if and only if configuration c′ is reachable

Kleene Algebra with Hypotheses 15

from c. As before, by Thm. 5, we can compute a set of letter hypotheses H ′

with finite languages in second components, and a regular expression h on anextended alphabet, such that for any clH′([f + h]) ∩ Θ∗ = clH([f ]) for anyf ∈ ExpΘ. Let Cf = Σ∗qfΣ

∗, we obtain that M accepts all inputs if and onlyif [q0Σ

∗] ⊆ clH′([Cf + h]), which achieves the proof of Π02 -completeness.

Theorem 9. Deciding KA∗H is Π11−complete for (x ≤ g)-hypotheses (g ∈ ExpΣ).

Sketch. It is shown in [13] that the problem is complete with hypotheses of theform H = Hw ∪ {x ≤ g}, where Hw is a set of length-preserving (w ≤

∑w)

hypotheses. A slight refinement of Thm. 5 allows us to reduce this problem tohypotheses of the form x ≤ g.

5.3 Undecidability of KAH for sums of letters

Fix an alphabet Σ, a well-behaved coding function d·e of Turing machines withfinal states {0, 1} into Σ∗ and a recursive pairing function 〈·, ·〉 : Σ∗×Σ∗ → Σ∗.A universal total F : Σ∗ → {0, 1} is a function such that, for every total Turingmachine M and input w ∈ Σ∗ we have F (〈dMe, w〉) = [M ](w). In particular,F should be total and is not uniquely determined over codes of partial Turingmachines. The next folklore lemma follows from an easy diagonal argument.

Lemma 10. There is no universal total Turing machine.

Our strategy is to show that decidability of KAH with (x ≤∑x) hypothe-

ses would imply the existence of a universal total TM. To do so, we need oneadditional lemma.

Lemma 11. Suppose that M = (Q,QF , Γ, ι, B,∆) is a total Turing machinewith final states {0, 1} and initial state ι. Let w ∈ Σ∗ be an input word for M.

Then there is effectively a set of length-preserving (w ≤∑w)-hypotheses H

and expressions ew, h such that [M](w) = 1 if and only if KAH ` ew ≤ h

Theorem 10. KAH is undecidable for (x ≤∑x)-hypotheses.

Proof. Assume that KAH is decidable. This means that we have an algorithm Ataking tuples (Σ,w, f,H), with H consisting only of sum-of-letters hypothesesand returning true when KAH ` w ≤ f and false otherwise. Without loss ofgenerality, we can assume that A is total. By Thm. 5, we may even providean algorithm A′ taking as input tuples (w, f,H) where H is a set of length-preserving (w ≤

∑w)-hypotheses with a similar behaviour: A′ returns true

when KAH ` w ≤ f and false otherwise.Given A′, consider M defined so that [M](dNe, w) = [A′](ew, h,H). where

the last tuple is given by Lem. 11. We show thatM is a total universal Turing ma-chine. Since such a machine cannot exist by Lem. 10, this is enough to conclude.Since A′ is total, so isM. For total Turing Machines N , Lem. 11 guarantees that[N ](w) = 1 if and only if [A′](ew, h,H) = [M](dNe, w) = 1. Since both [A′] and[M] are total with codomain {0, 1}, we really have [M](dNe, w) = [N ](w).

16 A. Doumane et al.

References

1. C. J. Anderson, N. Foster, A. Guha, J.-B. Jeannin, D. Kozen, C. Schlesinger, andD. Walker. NetKAT: semantic foundations for networks. In Proc. POPL, pages113–126. ACM, 2014.

2. A. Angus and D. Kozen. Kleene algebra with tests and program schematology.Technical Report TR2001-1844, CS Dpt., Cornell University, July 2001.

3. M. Boffa. Une remarque sur les systemes complets d’identites rationnelles. Infor-matique Theorique et Applications, 24:419–428, 1990.

4. T. Braibant and D. Pous. An efficient Coq tactic for deciding Kleene algebras. InProc. 1st ITP, volume 6172 of LNCS, pages 163–178. Springer, 2010.

5. E. Cohen. Hypotheses in Kleene algebra. Technical report, Bellcore, Morristown,N.J., 1994.

6. J. H. Conway. Regular algebra and finite machines. Chapman and Hall, 1971.7. A. Das, A. Doumane, and D. Pous. Left-handed completeness for kleene algebra,

via cyclic proofs. In Proc. LPAR, volume 57 of EPiC Series in Computing, pages271–289. EasyChair, 2018.

8. A. Doumane, D. Kuperberg, D. Pous, and P. Pradic. Kleene algebra with hy-potheses. Full version of this extended abstract, available at https://hal.

archives-ouvertes.fr/hal-02021315, 2019.9. C. A. R. Hoare, B. Moller, G. Struth, and I. Wehrman. Concurrent Kleene Algebra.

In Proc. CONCUR, volume 5710 of LNCS, pages 399–414. Springer, 2009.10. S. C. Kleene. Representation of events in nerve nets and finite automata. In

Automata Studies, pages 3–41. Princeton University Press, 1956.11. D. Kozen. A completeness theorem for Kleene algebras and the algebra of regular

events. Inf. and Comp., 110(2):366–390, 1994.12. D. Kozen. On Hoare logic and Kleene algebra with tests. ACM Trans. Comput.

Log., 1(1):60–76, 2000.13. D. Kozen. On the complexity of reasoning in Kleene algebra. Inf. and Comp.,

179:152–162, 2002.14. D. Kozen and K. Mamouras. Kleene algebra with equations. In Proc. ICALP,

volume 8573 of LNCS, pages 280–292. Springer, 2014.15. D. Kozen and M.-C. Patron. Certification of compiler optimizations using Kleene

algebra with tests. In Proc. CL2000, volume 1861 of LNAI, pages 568–582.Springer, 2000.

16. A. Krauss and T. Nipkow. Proof pearl: Regular expression equivalence and relationalgebra. JAR, 49(1):95–106, 2012.

17. D. Krob. Complete systems of B-rational identities. TCS, 89(2):207–343, 1991.18. K. Mamouras. Extensions of Kleene Algebra for Program Verification. PhD thesis,

Cornell University, Ithaca, NY, 2015.19. D. Pous. Kleene Algebra with Tests and Coq tools for while programs. In Proc.

ITP, volume 7998 of LNCS, pages 180–196. Springer, 2013.